When creating WordPress plugins and themes that will be used across thousands of websites, you need to be careful about how you handle both the data coming into WordPress and the data being presented to the user. In this tutorial we look at the native functions that secure, clean and check data coming into or going out of WordPress. This is necessary when creating a settings page or an HTML form, when handling shortcodes, and so on.

What is Sanitizing?

In a nutshell, sanitizing is cleaning user input: the process of removing text, characters or code that is not allowed from the input.

Gmail Example: Gmail removes <style> tags and their contents from HTML email messages before they are displayed in the Gmail browser client. This is done to prevent email CSS from overriding Gmail's own styles.

WordPress Example: Widget titles cannot contain HTML tags. If you put HTML tags in a widget title, they are automatically removed before the title is saved.

WordPress provides various functions to sanitize different kinds of data into different forms. Here are some of them:

sanitize_email()

This function strips out all characters that are not allowed in an email address.
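The following is an added example, not code from the original tutorial, showing where sanitizing functions such as sanitize_email() belong in a plugin: in the sanitize callback of a registered setting, so every value is cleaned before it reaches the database, and escaped again when it is printed back into the admin form. It assumes it runs inside WordPress; the option name myplugin_settings, the option group and the field names are hypothetical.

```php
<?php
/**
 * Added example (not from the original article): a plugin settings option
 * whose values are sanitized on save with WordPress' own functions.
 * Assumes WordPress is loaded; "myplugin_settings" and the field names
 * are hypothetical.
 */

// Sanitize callback: receives the raw submitted array for the option and
// must return only cleaned values. Anything unexpected is dropped or reset.
function myplugin_sanitize_settings( $input ) {
    $clean = array();

    // sanitize_email() strips characters that are not permitted in an
    // address (e.g. "us er@exam ple.com" becomes "user@example.com"), but
    // what remains is not necessarily a valid address, so it is paired
    // with is_email() and an empty value is stored on failure.
    $email = isset( $input['contact_email'] ) ? sanitize_email( $input['contact_email'] ) : '';
    if ( '' !== $email && ! is_email( $email ) ) {
        add_settings_error(
            'myplugin_settings',
            'bad_email',
            'The contact e-mail address is not valid and was not saved.'
        );
        $email = '';
    }
    $clean['contact_email'] = $email;

    // Same rule as widget titles: a plain-text field loses its HTML tags
    // (and stray whitespace / line breaks) on save.
    $clean['title'] = isset( $input['title'] ) ? sanitize_text_field( $input['title'] ) : '';

    // A rich-text field keeps only the HTML allowed in post content;
    // script and style elements and event-handler attributes are removed.
    $clean['intro_html'] = isset( $input['intro_html'] ) ? wp_kses_post( $input['intro_html'] ) : '';

    // Checkbox: store a normalized 1/0, never the raw submitted string.
    $clean['enabled'] = ! empty( $input['enabled'] ) ? 1 : 0;

    return $clean;
}

// Register the option with the sanitize callback so WordPress runs it on
// every save from the settings screen (and on update_option()).
function myplugin_register_settings() {
    register_setting(
        'myplugin_options_group',
        'myplugin_settings',
        array(
            'type'              => 'array',
            'sanitize_callback' => 'myplugin_sanitize_settings',
            'default'           => array(),
        )
    );
}
add_action( 'admin_init', 'myplugin_register_settings' );

// Output side: escape at the point of display even though the value was
// sanitized on input, because sanitizing and escaping are different steps.
function myplugin_render_title_field() {
    $settings = get_option( 'myplugin_settings', array() );
    $title    = isset( $settings['title'] ) ? $settings['title'] : '';
    printf(
        '<input type="text" name="myplugin_settings[title]" value="%s" />',
        esc_attr( $title )
    );
}
```

The sanitize callback is the single choke point for the option: the settings API calls it on every submission, so no code path can write an unsanitized value under that option name. Note that sanitize_email() only removes disallowed characters; it does not guarantee the result is a usable address, which is why the example validates with is_email() afterwards.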